• Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Moderate
  • Versions: 3.0.0 through 3.9.4
  • Exploit type: XSS
  • Reported Date: 2019-March-25
  • Fixed Date: 2019-April-09
  • CVE Number: CVE-2019-11358


The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.9.4


Upgrade to version 3.9.5


The JSST at the Joomla! Security Centre.

Reported By: Michał Gołębiowski-Owczarek, David Jardin (JSST)